{"uuid": "0abb2132-e20b-4c44-a0e5-2140e81a2da4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3938", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/1657", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-3938 - Apache DotAdmin HTML Injection Vulnerability\",\n  \"Content\": \"CVE ID : CVE-2024-3938\nPublished : July 25, 2024, 10:15 p.m. | 41\u00a0minutes ago\nDescription : The \"reset password\" login page accepted an HTML injection via URL parameters.\n\nThis has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a  http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E\n\nThis will result in a view along these lines:\n\n  *  OWASP Top 10 - A03: Injection\n  *  CVSS Score: 5.4\n  *  AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\n  *  ...\nSeverity: 5.4 | MEDIUM\",\n  \"Detection Date\": \"26 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}", "creation_timestamp": "2024-07-26T01:16:50.000000Z"}